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I, Marc D. Van Heyningen, do hereby declare as follows: 

1 . 1 am named as the inventor in U.S. Patent Application No. 09/782,593, filed February 
12, 2001. 1 am an employee of Aventail Corporation having a place of business at 808 Howell 
Street, Second Floor, Seattle, Washington 98101, and I am over the age of eighteen years. 

2. 1 am advised that Exhibit A contains a true and correct copy of the claims currently 
pending in U.S. Patent Application No. 09/782,593, namely claims 1-22. 1 have read and 
understand these claims. 

3. 1 also have been informed that the United States Patent and Trademark Office has 
rejected claims 4-7 and 10-22 as contained in Exhibit A based upon U.S. Patent Application No. 
2002/0094085 Al to Roberts. I understand that the Roberts patent claims an effective U.S. filing 
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date of January 16, 2001. 

4. 1 have reviewed (a) the computer code file entitled "ssictx.c" (a printed copy of which 
is attached as Exhibit B), (b) the computer code file entitled "sslrec.c" (a printed copy of which is 
attached as Exhibit C), (c) the computer code file entitled "ciphersx" (a printed copy of which is 
attached as Exhibit D), and (d) the computer code entitled "sslenv.c" (a printed copy of which is 
attached as Exhibit E). I created each of these files of computer code by revising existing 
computer code to implement the invention as described in my patent application and recited in 
claims 4-7 and 10-22 (Exhibit A). I have obtained each of these files of computer code from our 
company's records. The copy of each of these files of computer code has been changed to include 
line numbers for the code lines. The line numbers were added in Exhibit B. through Exhibit E to 
make the discussion below easier to follow, i.e., so that the cited code line numbers below would 
be readily available with the attached copy of the code. 

5. As will be described in more detail below, the attached computer code, when 
implemented on a computer system, allows one to encrypt and transmit data records between a 
first computer and a second computer using an unreliable communication protocol in the manner 
described in my patent application and recited in claims 4-7 and 10-22 (Exhibit A). 

6. One feature of a claim in my patent application relates to encrypting and transmitting 
data records between a first computer and a second computer using an unreliable communication 
protocol wherein each data record is encrypted by incorporating a nonce and without reference to 
a previously transmitted data record (note, for example, claims 4-6). 

7. Referencing the source code, portions of the code that implement functionality relating 
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to my invention typically reference the term "SSLoppy", the working name for the development 

of the invention when this code was created. This term refers to the features provided by the 

invention that allows Secure Sockets Layer (SSL) records to be dropped and reordered during 

communication without disruption, which thus offer a "sloppy" variation of the SSL 

communication technique. The role of the first computer is included in: sslrec.c, lines 326-336, 

where the computer code adds extra room to a record for the inclusion of an explicit nonce, lines 

354-378, where the computer code generates the nonce randomly, uses it in place of the sequence 

number in computing the MAC, and includes it in the record being built, lines 406-410, where 

the computer code passes this nonce to the encryption function, and in file cipher.c, lines 252- 

257, where the computer code uses the passed nonce value as an initial vector (TV), if present. 

The role of the second computer in reading these records is described in: file sslrec.c, lines 450- 

455, where the code parses the nonce out of incoming records, lines 466-475, where the code 

passes this nonce to the decryption function, and in file cipher.c, lines 323-328, where the code 

uses the passed nonce as the initial vector (IV), if present. 

8. Another feature of a claim in my patent application relates to encrypting and transmitting 

data records between a first computer and a second computer using an unreliable communication 

protocol wherein an indicator is embedded in each of the data records indicating that the data records 

are encrypted according to an encryption scheme that encrypts records without regard to any 

previously transmitted data records, and the second computer determines whether the indicator is 

present in each record and, in response to determining that the indicator is not present, processes 

each such record differently than if the indicator is set (note, for example, claim 7). 

3 
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9. Referencing the source code, in file sslrec.c, the role of the first computer in sending its 

different form of data is included in: lines 326-336, where the software code allocates extra space 

in the record for the nonce, if necessary, lines 354-391, where the ssloppy flag is used to decide 

whether to generate the record differently, lines 406-410, where the same flag is used to decide 

whether to use the nonce as the initial vector (IV) for the symmetric cipher algorithm, and lines 

424-428, where the flag is used to decide whether to increment the sequence number. The role of 

the second computer, in receiving a packet of a different form of data, is included in: lines 95-99, 

where the software code checks a flag in the mcorning record to verify that it is only receiving the 

new type of reorderable data when expected, lines 221-222, where the software code uses the 

same flag to determine whether to increment the sequence number, lines 450-454, where the 

software code uses the same flag to determine whether to extract the nonce from the record, lines 

466-480, where the software code uses the same flag to decide whether to use this nonce as the 

initial vector (TV) when decrypting the record, and lines 497-517, where the software code uses 

the same flag to decide whether to use the nonce in place of the sequence number when verifying 

the MAC. 

10.. Still another feature of a claim in my patent application relates to securely 
transmitting a plurality of data records between a client computer and a proxy server using an 
unreliable communication protocol, that include the steps of establishing a reliable connection 
between the client computer and the proxy server, exchanging encryption credentials between the 
client computer and the proxy server over the reliable connection generating a nonce for each of 
a plurality of data records, wherein each nonce comprises an initialization vector necessary, to 

4 



Copied from 09782595 on 04/04/2005 



NpV-17-2004 WED 01:57 PM AVENTAIL CORPORATION 



FAX NO. 2062151120 



P. 06/08 



U.S. Pat. App.No.: 09/782,593 
Atty. Docket No.: 005313.00001 

decrypt a corresponding one of the plurality of data records, using the nonce to encrypt each of 

the plurality of data records and appending the nonce to each of the plurality of data records, 

transmitting the plurality of encrypted data records from the client computer to the proxy server 

using an unreliable communication protocol, and, in the proxy server, decrypting each of the 

plurality of encrypted data records using a corresponding nonce extracted from each data record 

and a previously shared encryption key (note claims 10-1 5). 

11. The proxy server and client architecture described above was already a commercial 

shipping product from Aventail, Inc. by January 16, 2001 . Prior to the enhancements offered by 

the implementation of the invention, the product utilized the unreliable communication protocol 

"User Data Protocol" (UDP) to relay datagram records over a communication medium without 

any cryptographic protection. Comments in the software code refer to this process as "UDP 

Naked." The addition of the invention replaced "UDP Naked" with the "SSLoppy" process (as 

described above) thereby allowing communications to be cryptographically protected. 

Referencing the file sslenv.c, lines 1056-1067, for transmitting a datagram with this SSLoppy 

feature enabled, the SSLoppy encryption feature is turned on for the processing of a record by 

calling SSLSetSloppyMode to 1 , and, subsequent to processing of the record, resetting this value 

back to 0 (described in lines 1131, 1145, 1153, 1183, 1220, 1244, 1252, 1259, 1278, 1286, 1314, 

1347, 1359, and 1397). This software code processes only designated datagrams using the 

SSLoppy encryption process, and provides for standard SSL processing of data records being 

exchanged via a reliable communication protocol. The underlying functionality for selecting the 

SSLoppy encryption process is in sslctx.c, lines 899-91 1, where this function call sets the ctx- 
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>ssloppy flag. This flag is used to read and write records in the mode documented in paragraph 9 

above. 

12. Still another feature of a claim in my patent application relates to a system for 
securely transmitting data using an unreliable protocol that includes a first computer comprising 
a communication protocol client function operable in conjunction with an application program to 
transmit data records securely using an unreliable protocol, and a second computer coupled to the 
first computer and comprising a communication protocol server function operable in conjunction 
with the communication protocol client function to receive data records securely using the 
unreliable communication protocol, wherein the communication protocol client function encrypts 
each data record using a nonce and an encryption key and appends the respective nonce to each 
of the encrypted data records, and wherein the communication protocol server function decrypts 
each of the data records using the respectively appended nonce and the encryption key (note 
claims 16-22). 

13. Supporting code is the same as that from paragraph 1 1 above. 

14. The "source code" software code existed in the form shown in Exhibits B through E 
prior to January 16, 2001. This computer code received unit testing and was used as aproof-of- 
concept in the development process. Using this software code, the invention performed in its 
intended manner prior to January 16, 2001, as described in our patent application and claims 4-7 
and 10-22 (as shown in Exhibit A), and thus was actually reduced to practice prior to January 16, 
2001. 
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DECLARATION IN UEU OF OATH 



15.1 further declare that all information stated herein based upon my own knowledge is 
true and that all information stated herein based on information and belief is believed to be true, 
and further that the statements made in this Declaration were made with the knowledge that 
willful false statements and the like so made are punishable by fine or imprisonment, or both, 
under Section 1001 of Title 18 of the United States Code, and that such willful false statements 
may jeopardize the validity of this application or any patent issuing based on this application. 



Date: 



By: 



Marc Van 




wentor 
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1. A method of transmitting data securely over a computer network, comprising the steps 

of: 

(1) establishing a communication path between a first computer and a second computer; 

(2) encrypting and transmitting data records between the first computer and the second 
computer using an unreliable communication protocol, wherein each data record is encrypted 
without reference to a previously transmitted data record; and 

(3) in the second computer, receiving and decrypting the data records transmitted in step 
(2) without reference to a previously received data record. 

2. The method of claim 1, further comprising the step of, prior to step (1), establishing a 
reliable communication path between the first computer and the second computer and 
exchanging security credentials over the reliable communication path. 

3. The method of claim 2, wherein the step of exchanging security credentials comprises 
the step of exchanging an encryption key that is used to encrypt the data records in step (2). 

4. The method of claim 1, wherein step (2) comprises the step of incorporating a nonce 
in each data record that is used by the second computer in combination with a previously shared 
encryption key to decrypt each of the data records in step (3). 

5. The method of claim 4, wherein the nonce comprises a random number. 

6. The method of claim 4, further comprising the step of, in the second computer, 
verifying that the nonce has not previously been received in a previously transmitted data record. 

7. The method of claim 1, 

wherein step (2) comprises the step of embedding an indicator in each of the data records 
indicating that the data records are encrypted according to an encryption scheme that encrypts 
records without regard to any previously transmitted data records, and 

wherein step (3) comprises the step of determining whether the indicator is present in 
each record and, in response to determining that the indicator is not present, processing each 
such record differently than if the indicator is set. 

8. The method of claim 1, wherein step (1) is performed using the Transmission Control 
Protocol, and wherein step (2) is performed using the User Datagram Protocol. 

9. The method of claim 1, wherein step (2) is performed by a proxy server that encrypts 
data records received from another server. 

10. A method of securely transmitting a plurality of data records between a client 
computer and a proxy server using an unreliable communication protocol, comprising the steps 
of: 

(1) establishing a reliable connection between the client computer and the proxy server; 

(2) exchanging encryption credentials between the client computer and the proxy server 
over the reliable connection; 
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(3) generating a nonce for each of a plurality of data records, wherein each nonce 
comprises an initialization vector necessary to decrypt a corresponding one of the plurality of 
data records; 

(4) using the nonce to encrypt each of the plurality of data records and appending the 
nonce to each of the plurality of data records; 

(5) transmitting the plurality of data records encrypted in step (4) from the client 
computer to the proxy server using an unreliable communication protocol; and 

(6) in the proxy server, decrypting each of the plurality of encrypted data records using a 
corresponding nonce extracted from each data record and a previously shared encryption key. 

11. The method of claim 10, wherein step (6) comprises the step of checking to 
determine whether each data record received from the client computer is formatted according to 
a secure unreliable transmission format and, if a particular record is not formatted according to a 
secure unreliable transmission format, bypassing the decryption using the corresponding nonce. 

12. The method of claim 10, wherein step (3) comprises the step of generating a random 
number as each nonce. 

13. The method of claim 10, wherein step (1) is performed using Transmission Control 
Protocol, and wherein step (5) is performed using User Datagram Protocol. 

14. The method of claim 10, wherein step (6) is performed using an encryption key 
previously shared using a reliable communication protocol. 

15. The method of claim 14, wherein the reliable communication protocol is 
Transmission Control Protocol. 

16. A system for securely transmitting data using an unreliable protocol, comprising: 
a first computer comprising a communication protocol client function operable in 

conjunction with an application program to transmit data records securely using an unreliable 
protocol; and 

a second computer coupled to the first computer and comprising a communication 
protocol server function operable in conjunction with the communication protocol client function 
to receive data records securely using the unreliable communication protocol, 

wherein the communication protocol client function encrypts each data record using a 
nonce and an encryption key and appends the respective nonce to each of the encrypted data 
records; and 

wherein the communication protocol server function decrypts each of the data records 
using the respectively appended nonce and the encryption key. 

17. The system of claim 16, wherein the communication protocol client function 
exchanges encryption credentials with the communication protocol server function using a 
reliable communication protocol. 
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18. The system of claim 17, wherein the unreliable communication protocol comprises 
the User Datagram Protocol, and wherein the reliable communication protocol comprises the 
Transmission Control Protocol. 

19. The system of claim 16, wherein the communication protocol client function and the 
communication protocol server function are compatible with the SOCKS communication 
protocol. 

20. The system of claim 16, wherein the communication protocol client f unction and the 
communication protocol server function are compatible with the SSL/TLS communication 
protocol. 

21. The system of claim 16, wherein the second computer comprises a proxy server that 
forwards decrypted records received from the first computer to a server computer. 

22. The system of claim 16, wherein the second computer comprises a record detector 
that determines whether an indicator has been set in each data record received from the first 
computer and, if the indicator has not been set, bypassing decryption in the server computer. 
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File: sdk / sslplus / src / sslctx.c Page 1 of 1 

Revision 1.18.2.1, by marcvh 



0 ((include <stdio.h> 
1 

2 /* ((define HYPER_DEBUG 1 */ 
3 

5 File: sslctx.c 



Portions of this software are based on SSLRef(tm) 3.0, which is 
Copyright (c)1996 by Netscape Communications Corporation. SSLRef(tm) 
was developed by Netscape Communications Corporation and Consensus 
Development Corporation. 

In order to obtain this software, your company must have signed 
either a PRODUCT EVALUATION LICENSE (a copy of which is included in 
the file "LICENSE.TXT"), or a PRODUCT DEVELOPMENT LICENSE. These 
licenses have different limitations regarding how you are allowed to 
use the software. Before retrieving (or using) this software, you 
*must* ascertain which of these licenses your company currently 
holds. Then, by retrieving (or using) this software you agree to 
abide by the particular terms of that license. If you do not agree 
to abide by the particular terms of that license, than you must 
immediately delete this software. If your company does not have a 
signed license of either kind, then you must either contact 
Consensus Development and execute a valid license before retrieving 
(or using) this software, or immediately delete this software. 



SSLContext accessors 

mfigure an SSLContext 
;e of this file and the fact that most of it is not relevant, we include only the relevant function SSLSetSloppyMode here> 



899 SSLErr CDECL SSLSetSloppyMode (SSLContext *ctx, int m) 

900 { 

901 if(ctx == NULL) 

902 return SSLUnknownErr; 
903 

904 if ( (ctx->selectedCipherSpec->cipher->blockSize == 0) &S 

905 (ctx->selectedCipherSpec->cipher->keySize > 0)) 

906 return SSLProtocolErr; 
907 

908 ctx->ssloppy = m; 
909 

910 return SSLNoErr; 

911 } 
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File: sslrec.c 



Copyright (c)1996, 1997 by Consensus Development Corporation 
Copyright (c)1997, 1998 by Aventail Corporation 

Portions of this software are based on SSLRef(tm) 3.0, which is 
Copyright (c)1996 by Netscape Communications Corporation. SSLRef(tm) 
was developed by Netscape Communications Corporation and Consensus 
Development Corporation. 

In order to obtain this software, your company must have signed 
either a PRODUCT EVALUATION LICENSE (a copy of which is included in 
the file "LICENSE.TXT") , or a PRODUCT DEVELOPMENT LICENSE. These 
licenses have different limitations regarding how you are allowed to 
use the software. Before retrieving (or using) this software, you 
*must* ascertain which of these licenses your company currently 
holds. Then, by retrieving (or using) this software you agree to 
abide by the particular terms of that license. If you do not agree 
to abide by the particular terms of that license, than you must 
immediately delete this software. If your company does not have a 
signed license of either kind, then you must either contact 
Consensus Development and execute a valid license before retrieving 
(or using) this software, or immediately delete this software. 



30 File: sslrec.c Encryption, decryption and MACing of data 
31 

32 All the transformations which occur between plaintext and the 

33 secured, authenticated data that goes out over the wire. Also, 

34 detects incoming SSL 2 hello messages and hands them off to the SSL 2 

35 record layer (and hands all SSL 2 reading s writing off to the SSL 2 

36 layer) . 
37 

39 ' 

40 /* ((define HYPER_DEBUG 1 */ 
41 

42 jfifdef HYPER_DEBUG 

43 #include <stdio.h> 

44 #endif 



50 Kifndef _SSLREC_H_ 

51 #include "sslrec.h" 

52 #endif 
53 

54 (tifndef _SSLALLOC_H_ 

55 #include "sslalloc.h" 

56 #endif 
57 

58 (tifndef _CRYPTYPE_H_ 

59 ((include "cryptype.h" 

60 #endif 
61 

62 #ifndef _SSLCTX_H_ 

63 #include "sslctx.h" 

64 #endif 
65 

66 (tifndef _SSLALERT_H_ 

67 ((include "sslalert .h" 

68 (tendif 
69 

70 (fifndef _SSL2_H_ 
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71 #include "ssl2.h" 

72 #endif 
73 

74 ((include <string.h> 
75 

76 static SSLErr DecryptSSLRecord (uint8 type, SSLBuffer *payload, SSLContext *ctx) ; 

77 static SSLErr VerifyMAC (uint8 type, SSLBuffer data, uint8 *compareMAC, uint64 seqNo, SSLContext 

78 static SSLErr ComputeMAC (uint8 type, SSLBuffer data, SSLBuffer mac, uint64 seqNo, SSLBuffer 

secret, CipherContext *cipherCtx, SSLContext *ctx) ; 

79 static uint8* SSLEncodeUInt64 (uint8 *p, uint64 value); 
80 

81 /* ReadSSLRecord 



82 * Attempt to read s decrypt an SSL record. 

83 */ 

84 SSLErr 

85 SSLReadRecord(SSLRecord *rec, SSLContext *ctx) 

86 { SSLErr err; 

87 uint32 len, contentLen; 

88 uint8 *progress; 

89 SSLBuffer readData, cipher Fragment; 
90 

91 #ifdef HYPER_DEBUG 

92 fprintf (stderr, "Got into SSLReadRecord, wheel \n"); 

93 #endif 
94 

95 /* if we get UDP data when we aren't expecting it, that's really bad, 

96 so report an appropriate error. */ 

97 if ( (rec->contentType == SSL_application_data_ssloppy) s& 

98 (! ctx->ssloppy) ) 

99 return SSLProtocolErr; 
100 

101 
102 

103 if ( !ctx->partialReadBuffer .data II ctx->partialReadBuf fer . length < 5) 

104 { if (ctx->partialReadBuffer.data) 

105 if ((err = SSLFreeBuf fer (Sctx->partialReadBuf fer, &ctx->sysCtx) ) != 0) 

106 ( SSLFatalSessionAlert (alert_close_notify, ctx); 

107 return ERR(err); 

108 ) 

109 if ( (err = SSLAllocBuf fer ( sctx->partialReadBuf fer, DEFAULT_BUFFER_SIZE, sctx->sysCtx) ) 
!= 0) 

110 { SSLFatalSessionAlert (alert_close_notify, ctx); 

111 return ERR (err) ; 

112 ) 

113 ) 
114 

115 if (ctx->protocolVersion == SSL_Version_Undetermined | | 

116 ctx->protocolVersion == SSL_Version_3_0_With_2_0_Hello) 

117 if (ctx->amountRead < 1) 

118 ( readData. length = 1 - ctx->amountRead; 

119 readData. data = ctx->partialReadBuf fer .data + ctx->amountRead; 

120 len = readData. length; 

121 if (ERR(err = ctx->ioCtx . read (readData, slen, ctx->ioCtx . ioRef ) ) != 0) 

122 ( if (err == SSLWouldBlockErr ) 

123 ctx->amountRead += len; 

124 else 

125 SSLFatalSessionAlert (alert_close_notify, ctx); 

126 return err; 

127 ) 

128 ctx->amountRead += len; 

129 ) 
130 

131 /* In undetermined cases, if the first byte isn't in the range of SSL 3.0 

132 * record types, this is an SSL 2.0 record 

133 */ 

134 switch (ctx->protocol Version) 

135 { case SSL_Version_Undetermined: 

136 case SSL_Version_3_0_With_2_0_Hello : 

137 if (ctx- >partialReadBuf fer. data [0] < SSL_smallest_3_0_type II 

138 ctx->partialReadBuf fer. data [0] > SSL_largest_3_0_type) 
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139 return SSL2ReadRecord (rec, ctx); 

140 else 

141 break; 

142 case SSL_Version_2_0 : 

143 return SSL2ReadRecord ( rec, ctx); 

144 default: 

145 break; 

146 ) 
147 

148 

149 #ifdef HYPER_DEBUG 

150 fprintf (stderr, "About to get into the read callback stuffW); 

151 (tendif 

152 if (ctx->amountRead < 5) 

153 < readData. length = 5 - ctx->amountRead; 

154 readData. data = ctx->partialReadBuf fer.data + ctx->amountRead; 

155 len = readData . length; 

156 if (ERR(err = ctx->ioCtx. read(readData, slen, ctx->ioCtx . ioRef ) ) != 0) 

157 { if (err == SSLWouldBlockErr ) 

158 ctx->amountRead += len; 

159 else if (err == SSLIOClosedOverrideGoodbyeKiss ss ctx->amountRead 
0) 

160 { SSLClose(ctx) ; 

161 return SSLConnectionClosedGraceful; 

162 } 

163 else 

164 SSLFatalSessionAlert (alert_close_notify, ctx); 

165 return err; 

166 ) 

167 ctx->amountRead += len; 

168 ) 
169 

170 ASSERT (ctx->amountRead >= 5); 
171 

172 progress = ctx->partialReadBuf fer .data; 

173 rec->contentType = *progress++; 

174 if (rec->contentType < SSL_smallest_3_0_type | | 

175 rec->contentType > SSL_largest_3_0_type) 

176 return ERR (SSLProtocolErr) ; 
177 

178 rec->protocol Version = (SSLProtocol Version) SSLDecodelnt (progress, 2); 

179 progress += 2; 

180 contention = SSLDecodelnt (progress, 2); 

181 progress += 2; 

182 if (contention > (16384 + 2048)) /* Maximum legal length of an SSLCipherText payload 

183 ( SSLFatalSessionAlert(alert_unexpected_message, ctx); 

184 return ERR(SSLProtocolErr) ; 

185 ) 
186 

187 if (ctx->partialReadBuf fer .length < 5 + contention) 

188 ( if ((err = SSLReallocBuf fer (sctx->partialReadBuf fer, 5 + contention, sctx->sysCtx) ) 
0) 

189 ( SSLFatalSessionAlert(alert_close_notify, ctx); 

190 return ERR(err) ; 

191 ) 

192 ) 
193 

194 if (ctx->amountRead < 5 + contention) 

195 { readData. length = 5 + contention - ctx->amountRead; 

196 readData. data = ctx->partialReadBuf fer . data + ctx->amountRead; 

197 len = readData . length; 

198 if (ERR(err = ctx->ioCtx . read (readData, &len, ctx->ioCtx . ioRef ) ) != 0) 

199 { if (err == SSLWouldBlockErr) 

200 ctx->amountRead += len; 

201 else 

202 SSLFatalSessionAlert(alert_close_notify, ctx); 

203 return err; 

204 ) 

205 ctx->amountRead += len; 

206 ) 
207 
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208 ASSERT (ctx->amountRead >= 5 + contention) ; 
209 

210 cipherFragment.data = ctx->partialReadBuf fer . data + 5; 

211 cipherFragment . length = contention; 
212 

213 /* Decrypt the payload & check the MAC, modifying the length of the buffer to indicate the 

214 * amount of plaintext data after adjusting for the block size and removing the MAC 

215 * (this function generates its own alerts) 

216 */ 

217 if ((err = DecryptSSLRecord (rec->contentType, scipherFragment, ctx) ) != 0) 

218 return err; 
219 

220 /* We appear to have sucessfully received a record; increment the sequence number */ 

221 if (rec->contentType != SSL_application_data_ssloppy) 

222 IncrementUInt64 (sctx->readCipher . sequenceNum) ; 
223 

224 

225 ffifdef SSL_COMPRESSION 

226 if ( (ctx->compressNow) ss (ctx->selectedCompression != NULL) && 

227 (ctx->selectedCompression->identifier != 0) ) { 



229 /* Allocate e 



DEFAULT_BUFFER_S I ZE , 



■ Sctx->sysCtx) ) != SSLNoErr 
SSLFatalSessionAlei 
return ERR (err) ; 



: (alert_close 



:tx->selectedCompression->process (cipherFragment, 



:x->readCompressRef , 



= SSLNoErr) { 



243 iifdef HYPER DEBUG 



SSLFreeBuf fer (srec->contents, &ctx->sysCtx) ; 
SSLFatalSessionAlert (alert_decompression_failure, 
return ERR (err) ; 



fprintf (stderr, "Deomp: 



cipherFragment. length) , 

246 #endif 

247 } else { 



memcpy (rec- 



memcpy ( r< 



252 
253 
254 

cipherFragment . length) 

255 

256 #else 
257 

258 #endif 
259 

2 60 ctx->amountRead = 0; /* We've 

261 

262 return SSLNoErr; 

263 ) 
264 

2 65 /* SSLWriteRecord does not send alerts c 

266 * that this might result in a loop (si 

267 * to be called) . 



r = SSLAllocBufferl 
&ctx->sysCtx) ) != 0) 

SSLFatalSessionAlert (alert_cl( 



•contents, cipherFragment . length, 



R(e] 



0; 



.data, cipherFragment. c 



i.data, cipherFragment.data, (size_t) cipherFragment .length) ; 



i used all the data in the cache */ 
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SSLContext *ctx) 
SSLErr err; 

int padding = 0, i, freerec = 0; 

WaitingRecord *out, *queue; 
SSLBuffer buf, payload, secret, mac, nc 

uint8 *progress; 

uintl6 payloadSize,blockSize,nonceSize = 

if (rec.protocolVersion == SSL_Version_2_0) 



284 #ifdef SSL_COMPRESSION 

285 if ( (ctx->compressNow) && (ctx->selectedCompressi 

286 (ctx->selectedCompression->identifier ! 

287 SSLBuffer compdata; 



:) ) != SSLNoErr ) 

return ERR(err) ; 
:->selectedCompression->process (rec 



;x->writeCompressRef , 



!= SSLNoErr) { 

SSLFreeBuf fer (scompdata, 



eContents = compdata; 



302 #endif 



/* Allocate a WaitingRecord to £ 
if ((err = SSLAllocBuf f er ( &buf , 

return ERR(err) ; 
out = (WaitingRecord* ) buf .data; 

out->sent = 0; 

Allocate enough room for the transmitted record, which will be: 

* 5 bytes of header + 

* encrypted contents + 

* macLength + 

* padding [block ciphers only] + 

* padding length field (1 byte) [block ciphers only] 
*/ 

payloadSize = (uintl6) (rec . contents . length + ctx->writeCipher .hash->digestSiz« 
blockSize = ctx->writeCipher . symCipher->blockSize; 
if (blockSize > 0) 

{ padding = blockSize - (payloadSize % blockSize) - 1; 
payloadSize = (uintl6) (payloadSize + padding + 1) ; 



/* in this case we need more room, for the nonce */ 

nonceSize = (uintl6) MAX (sizeof (uint64) , ctx->writeCipher . symCipher->ivSiz« 
payloadSize += nonceSize; decided this was wrong logic */ 

it->data.data = 0; 
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334 if ((err = SSLAllocBuf fer (&out->data, 5 + payloadSize + nonceSize, 

335 Sctx->sysCtx) ) != 0) 

336 goto fail; 
337 

338 progress = out->data . data; 

339 * (progress++) = rec . contentType; 

340 progress = SSLEncodelnt (progress, rec. protocol Version, 2); 

341 progress = SSLEncodelnt (progress, payloadSize, 2); 
342 

343 /* Copy the contents into the output buffer */ 

344 memcpy (progress, rec . contents . data, (size_t) rec. contents .length) ; 

345 payload.data = progress; 

346 payload. length = rec . contents . length; 
347 

348 progress += rec . contents .length; 

349 /* MAC immediately follows data */ 

350 mac. data = progress; 

351 mac. length = ctx->writeCipher .hash->digestSize; 

352 progress += mac. length; 
353 

354 if (ctx->ssloppy) 

355 { 

356 uint64 noncevalue; 
357 

358 if ( (err = SSLAllocBuf fer (snonce, nonceSize, sctx->sysCtx) ) !=SSLNoErr) 

359 goto fail; 

360 if ((err = ctx->sysCtx . random (nonce, ctx->sysCtx . randomRef ) ) != SSLNoErr) 

361 goto fail; 
362 

363 memcpy (snoncevalue, nonce. data, sizeof (noncevalue) ) ; 

364 

365 /* MAC the data, sloppy-style */ 

366 if (mac. length > 0) /* Optimize away null case */ 

367 ( 

368 secret. data = ctx->writeCipher .macSecret; 

369 secret. length = ctx->writeCipher .hash->digestSize; 

370 if ((err = ComputeMAC (rec . contentType, payload, mac, noncevalue, 

371 secret, &ctx->writeCipher, ctx) ) != 0) 

372 goto fail; 

373 } 
374 

375 memcpy (progress, nonce. data, nonce . length) ; 

37 6 progress += nonce . length; 

377 

378 ) 

379 else 

380 { 

381 /* MAC the data, normal mode */ 

382 if (mac. length > 0) /* Optimize away null case */ 

383 { 

384 secret. data = ctx->writeCipher .macSecret; 

385 secret. length = ctx->writeCipher .hash->digestSize; 

386 if ((err = ComputeMAC (rec. contentType, payload, mac, 

387 ctx->writeCipher . sequenceNum, secret, 

388 sctx->writeCipher, ctx)) != 0) 

389 goto fail; 

390 ) 

391 } 
392 

393 /* Update payload to reflect encrypted data: contents, mac & padding */ 

394 payload. length = payloadSize; 
395 

396 /* Fill in the padding bytes & padding length field with the padding value; the 

397 * protocol only requires the last byte, 

398 * but filling them all in avoids leaking data 

399 */ 

400 if (ctx->writeCipher.symCipher->blockSize > 0) 

401 for (i = 1; i <= padding + 1; ++i) 

402 payload.data [payload. length - i] = (uint8 ) padding; 
403 

404 /* Encrypt the data */ 
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>ssloppy ? {.nonce :NULL, 
>writeCipher . symCipherState, 
!= 0) 

DUMP_BUFFER_NAME( "encrypted data", payload) ; 

I* Enqueue the record to be written from the idle 
if (ctx->recordWriteQueue == 0) 
ctx->recordWriteQueue = out; 

else 

{ queue = ctx->recordWriteQueue; 
while (queue->next != 0) 
queue = queue->next; 



, sequenceNum) ; 
:c. contents) , sctx->sysCtx) ; 



433 return SSLNoErr; 

434 

435 fail: /* Only for if we fail between when the WaitingRecord is allocated and when it 

queued */ 

436 SSLFreeBuffer (sout->data, sctx->sysCtx) ; 

437 buf.data = (uint8*)out; 

438 buf. length = sizeof (WaitingRecord) ; 

439 SSLFreeBuffer (Sbuf, Sctx->sysCtx) ; 

440 if(freerec) 

441 SSLFreeBuffer (& (i 

442 return ERR (err) ; 

443 ) 

445 static SSLErr 

446 DecryptSSLRecord(uint8 type, SSLBuffer *payload, 

447 { SSLErr err; 

448 SSLBuffer content, nonce; 



nonce. length = MAX(sizeof (uint64) , ctx->readCiphei 
nonce. data = payload->data + (payload->length - n( 
payload->length -= nonce . length; 

) 

if ( (ctx->readCipher.symCipher->blockSize > 0) &s 

( (payload->length % ctx->readCipher . symCipher->blockSize) != 0)) 

{ SSLFatalSessionAlert(alert_unexpected_message, ctx) ; 
return ERR (SSLProtocolErr ) ; 

} 

/* Decrypt in place */ 

DUMP_BUFFER_NAME( "encrypted data", (*payload)); 

if (type == SSL_application_data_ssloppy) 
{ 

if ((err = ctx->readCipher . symCipher->decrypt (*payload, *payload, snonce, ctx- 
>readCipher. symCipherState, ctx)) != 0) 
{ 
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473 



if ((err = ctx->readCipher .symCipher->decrypt (*payload, *payload, NULL, ctx- 
>readCipher.symCipherState, ctx)) != 0) 

{ SSLFatalSessionAlert (alert_close_notify, ctx); 
return ERR(err) ; 



DUMP_BUFFER_NAME ( "decrypted data", (*payload) ) ; 



483 /* Locate content 



dthin decrypted payload */ 
..data = payload->data; 

..length = payload->length - ctx->readCiphi 
:->readCipher . symCipher->blockSize > 0) 
padding can't be equal to or more than a block */ 
(payload->data [payload->length - 1] >= ctx->readCiphi 

SSLFatalSessionAlert (alert_unexpected_message, ctx) 

return ERR (SSLProtocolErr ) ; 



hash->digestSize; 

. symCipher->blockSiz« 



.length -= 1 + payload->data [payload->length - 1]; /* Remove block s 



495 /* Verify MAC on payload */ 

496 if (ctx->readCipher . hash->digestsize > 

497 if (type == SSL_application_data_: 

498 { 

499 uint64 nonceNumber; 



memcpy (snonceNuraber, nonce 
if ((err = VerifyMAC (type, 



izeof (nonceNumber 
, payload->data + 
nonceNumber, 



:_bad_record_mac, 



523 } 
524 



*payload = 



/* Modify payload buffer to indicate 



itic uint8* 

526 SSLEncodeUInt64 (uint8 *p, uint64 value) 

527 ( p = SSLEncodelnt (p, value. high, 4); 

528 return SSLEncodelnt (p, value. low, 4); 

529 ) 
530 

531 static SSLErr 

532 VerifyMAC (uint8 type, SSLBuffer data, uint8 *compareMAC, 

533 { SSLErr err; 

534 uint8 macData [MAX_DIGEST_SIZE] ; 

535 SSLBuffer secret, mac; 
536 

537 secret. data = ctx->readcipher .macSecret; 
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538 


secret . length = ctx->readCipher ,hash->digestSize; 








mac. data = macData; 






540 


mac. length = ctx->readCipher . hash->digestsize; 






541 








542 


if ((err = ComputeMAC (type, data, mac, seqNo, secret, 






543 


Sctx->readCipher, ctx) ) != 0) 








return ERR(err) ; 






545 








546 


if ( (memcmp (mac. data, compareMAC, (size_t) mac. length)) != 0) 








return ERR(SSLProtocolErr) ; 






548 








549 


return SSLNoErr; 






550 


} 






551 










static SSLErr 






553 


ComputeMAC (uint8 type, SSLBuffer data, SSLBuffer mac, uint64 seqNo, SSLBuffer sec 




554 


CipherContext *cipherCtx, SSLContext *ctx) 






555 


{ SSLErr err; 






556 


uint8 innerDigestData[MAX_DIGEST_SIZE] ; 






557 


uint8 scratchData [11] , *progress; 






558 


SSLBuffer digest, scratch; 






559 










iifdef HYPER DEBUG 






561 


int i; 






562 


fprintf (stderr, "Buffer: "); 








for(i = 0; i < data . length; i++) 






564 


fprintf (stderr, "%02x ", data. data [i] ) ; 






565 


fprintf (stderr, "\n"); 






566 








5 fl 


fprintf (stderr, "sequenceno: ") ; 








ford = 0; i < sizeof (uint64) ; i++) 






569 


fprintf (stderr, "%02x ", (unsigned char) *( (unsigned char *) 


sseqNo) + 


i) ; 


570 


fprintf (stderr, "\n"); 














572 


fprintf (stderr, "Secret: "); 






573 


for(i = 0; i < secret. length; i++) 






574 


fprintf (stderr, "%02x ", secret . data [i] ) ; 








fprintf (stderr, "\n"); 






576 


tendif 






577 










ASSERT (cipherCtx->hash->macPadSize <= MAX_MAC_PADDING) ; 






579 


ASSERT (cipherCtx->hash->digestSize <= MAX_DIGEST_SIZE) ; 






580 


ASSERT (SSLMACPadl [0] == 0x36 SS SSLMACPad2 [0] == 0x5C) ; 






581 








582 


if (cipherCtx->digestCtx.data == NOLL) ( 






^fM 


if ((err = SSLAllocBuf fer (icipherCtx->digestCtx, 
















!= 0) C P 6 Y 








goto exit; 








cipherCtx->hash->create (cipherCtx->digestCtx) ; 






589 


) 






590 


/* MAC = hash( MAC_write_secret + pad_2 + hash( MAC_write_secret + pad_ 




im + type + 




length + content ) ) */ 






591 


if ((err = cipherCtx->hash->init (cipherCtx->digestCtx) ) != 0) 






5 qt 


goto exit; 








if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, secret)) 


= 0) / 


MA secre 




goto exit; 








scratch. data = SSLMACPadl; 






^q 6 


scratch. length = cipherCtx->hash->macPadSize; 








if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, scratch)) 


!= 0) / 






goto exit; 






599 


progress = scratchData; 






600 


progress = SSLEncodeOInt64 (progress, seqNo); 






601 


*progress++ = type; 






602 


progress = SSLEncodelnt (progress, data. length, 2); 






603 


scratch. data = scratchData; 






604 


scratch. length = 11; 






605 


ASSERT (progress == scratchData+11 ) ; 






606 


if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, scratch)) 


!= 0) / 


sequenceNo 



type S length */ 
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607 goto exit; 

608 if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, data)) != 0) /* content */ 

609 goto exit; 

610 digest. data = innerDigestData; 

611 digest. length = cipherCtx->hash->digestSize; 

612 if ((err = cipherCtx->hash->f inal (cipherCtx->digestCtx, digest)) != 0) /* figure inner 
digest */ 

613 goto exit; 
614 

615 if ((err = cipherCtx->hash->init (cipherCtx->digestCtx) ) != 0) 

616 goto exit; 

617 if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, secret)) != 0) /* MAC secret */ 

618 goto exit; 

619 scratch. data = SSLMACPad2; 

620 scratch. length = cipherCtx->hash->macPadSize; 

621 if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, scratch)) != 0) /* pad2 */ 

622 goto exit; 

623 if ((err = cipherCtx->hash->update (cipherCtx->digestCtx, digest)) != 0) /* inner digest 
V 

624 goto exit; 

625 if ((err = cipherCtx->hash->f inal (cipherCtx->digestCtx, mac)) != 0) /* figure the mac */ 
62 6 goto exit; 

627 

628 err = SSLNoErr; /* redundant, I know */ 
629 

630 exit: 

631 return ERR (err) ; 

632 } 
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Portions of this software are based on SSLRef(tm) 3.0, which is 
Copyright (c)1996 by Netscape Communications Corporation. SSLRef(tm) 
was developed by Netscape Communications Corporation and Consensus 
Development Corporation. 

In order to obtain this software, your company must have signed 
either a PRODUCT EVALUATION LICENSE (a copy of which is included in 
the file "LICENSE . TXT" ) , or a PRODUCT DEVELOPMENT LICENSE. These 
licenses have different limitations regarding how you are allowed to 
use the software. Before retrieving (or using) this software, you 
*must* ascertain which of these licenses your company currently 
holds. Then, by retrieving (or using) this software you agree to 
abide by the particular terms of that license. If you do not agree 
to abide by the particular terms of that license, than you must 
immediately delete this software. If your company does not have a 
signed license of either kind, then you must either contact 

> Development and execute a valid license before retrieving 
ising) this software, or immediately delete this software. 



File: ciphers.c Data structures for handling supported ciphers 

Contains a table mapping cipherSuite values 
algorithms, key exchange procedures and so c 
algorithm, in order of preference. 



38 #ifndef _CRYPTYPE_H_ 

39 #include <cryptype.h> 

40 #endif 
41 

42 #ifndef _SSLCTX_H_ 

43 #include <sslctx.h> 

44 #endif 
45 

46 #include <string.h> 
47 

48 extern SSLSymmetricCipher SSLCipherNull; 

49 extern SSLSymmetricCipher SSLCipherDES_CBC; 

50 extern SSLSymmetricCipher SSLCipherDES40_CBC; 

51 extern SSLSymmetricCipher SSLCipherRC4_40; 

52 extern SSLSymmetricCipher SSLCipherRC4_56; 

53 extern SSLSymmetricCipher SSLCipherRC4_128; 

54 extern SSLSymmetricCipher SSLCipher3DES_CBC; 
55 

56 /* Even if we don't support NULL_WITH_NULL_NULL for transport, we need a reference for startup 

V 

57 SSLCipherSpec SSL_NULL_WITH_NULL_NULL_CipherSpec = 

58 { SSL_NULL_WITH_NULL_NULL, 

59 Exportable, 

60 SSL_NULL_auth, 

61 SSSLHashNullOpt, 

62 sSSLCipherNull 

63 }; 
64 

65 /* Disable non-exportable cipher suites to build an export only library */ 

66 ttifndef ENABLE_NONEXPORT_CIPHERS 

67 #define ENABLE_NONEXPORT_CIPHERS 1 

68 #endif 
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70 /* Disable exportable cipher suites to build a strong crypto only library */ 

71 #ifndef ENABLE_EX PORT_C I PHERS 

72 #define ENABLE_EXPORT_CIPHERS 1 

73 tendif 
74 

75 /* Reenable DH-anon only if you know you want to use Dif f ie-Hellman cipher suites: 

7 6 Enabling DH-anon leaves you open to a man-in-the-middle attack which can degrade your 

77 security to this level. */ 

78 (tifndef ENABLE_DH_ANON 

79 #define ENABLE_DH_ANON 0 

80 #endif 
81 

82 /* Reenable NULL encryption cipher suites only if you know for a fact you want to support 

83 unencrypted sessions. Unencrypted sessions do not provide data privacy and may be more 

84 vulnerable to attack than encrypted sessions. */ 

85 lifndef ENABLE_NULL_CI PHERS 

86 #define ENABLE_NULL_CI PHERS 0 

87 #endif 
88 

89 lifdef VIRGIN_SSLPLUS 

90 /* Order by preference */ 

91 SSLCipherSpec KnownCiphe r Specs [ ] = 

92 { 

93 #if ENABLE_NONEXPORT_CI PHERS 

94 ( SSL_RSA_WITH_3DES_EDE_CBC_SHA, NotExportable, SSL_RSA, SSSLHashSHAl, SSSLCipher3DES_CBC 
), 

95 { SSL_RSA_WITH_RC4_128_SHA, NotExpor table, SSL_RSA, SSSLHashSHAl, SSSLCipherRC4_128 }, 

96 { SSL_RSA_WITH_RC4_128_MD5, NotExpor table, SSL_RSA, SSSLHashMD5, SSSLCipherRC4_128 }, 

97 { SSL_RSA_WITH_DES_CBC_SHA, NotExpor table, SSL_RSA, SSSLHashSHAl, SSSLCipherDES_CBC }, 

98 #endif 

99 #if ENABLE_EXPORT_CI PHERS 

100 { SSL_RSA_EXPORT_WITH_RC4_40_MD5, Exportable, SSL_RSA_EXPORT, SSSLHashMD5, 
SSSLCipherRC4_40 ), 

101 { SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, Exportable, SSL_RSA_EXPORT, SSSLHashSHAl, 
SSSLCipherDES40_CBC }, 

102 #endif 

103 #if ENABLE_DH_ANON SS ENABLE_NONEXPORT_CI PHERS 

104 ( SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, NotExportable, SSL_DH_anon, SSSLHashSHAl, 
SSSLCipher3DES_CBC }, 

105 { SSL_DH_anon_WITH_RC4_128_MD5, NotExportable, SSL_DH_anon, sSSLHashMD5, 
sSSLCipherRC4_128 }, 

106 { SSL_DH_anon_WITH_DES_CBC_SHA, NotExportable, SSL_DH_anon, SSSLHashSHAl, 
SSSLCipherDES_CBC }, 

107 #endif 

108 #if ENABLE_NULL_CI PHERS SS ENABLE_EXPORT_CI PHERS 

109 { SSL_RSA_WITH_NULL_SHA, Exportable, SSL_RSA, SSSLHashSHAl, SSSLCipherNull ), 

110 { SSL_RSA_WITH_NULL_MD5, Exportable, SSL_RSA, SSSLHashMD5, SSSLCipherNull } 

111 #endif 

112 ); 
113 

114 int CipherSpecCount = sizeof (KnownCipherSpecs ) / sizeof (SSLCipherSpec) ; 

115 #endif /* VIRGIN_SSLPLUS */ 
116 

117 SSLErr 

118 FindCipherSpec (SSLContext *ctx, uintl6 specID, SSLCipherSpec* *spec) 

119 { 



120 int i; 

121 uint32 mask; 
122 

123 *spec = 0; 

124 for (i = 0; i < CipherSpecCount; i++) 

125 { 

126 if (KnownCipherSpecs [i] .cipherSpec == specID) 

127 { 

128 mask = (uint32) 1; 

129 mask «= i; 

130 if (ctx->cipherspecs s mask) 

131 ( 

132 *spec = SKnownCipherSpecs [i] ; 

133 break; 

134 } 
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(*spec == 0) /* Not found */ 

return SSLNegotiationErr; 
turn SSLNoErr; 



*cipherRef, SSLContext 
*ctx) ; 

145 SSLErr SSLDESDecrypt ( SSLBuf f er src, SSLBuffer dest, SSLBuffer *iv, void *cipherRef, SSLContext 

*ctx) ; 

146 SSLErr SSLDESFinish (void *cipherRef, SSLContext *ctx) ; 

147 SSLErr SSLDESExport (void *cipherRef, SSLContext *ctx, SSLBuffer *blob) ; 

148 SSLErr SSLDESImport (void **cipherRef, SSLContext *ctx, SSLBuffer *blob) ; 
149 

150 SSLSynunetricCipher SSLCipherDES_CBC = ( 

151 8, /* Key size in bytes */ 

152 8, /* Secret key size = 64 bits */ 

153 8, /* IV size */ 

154 8, /* Block size */ 

155 SSLDESInit, 

156 SSLDESEncrypt, 

157 SSLDESDecrypt, 

158 SSLDESFinish, 

159 SSLDESExport, 

160 SSLDESImport 

161 }; 
162 

163 SSLSymmetricCipher SSLCipherDES40_CBC = { 

164 8, /* Key size in bytes */ 

165 5, /* Secret key size = 40 bits */ 

166 8, /* IV size */ 

167 8, /* Block size */ 

168 SSLDESInit, 

169 SSLDESEncrypt, 

170 SSLDESDecrypt, 

171 SSLDESFinish 

172 }; 
173 

174 typedef struct _DESState 

175 { 

176 unsigned char key[24]; /* work for 3DES and DES both */ 

177 unsigned char iv[8] ; 

178 int reading; /* do we really need this? */ 

179 B_ALGORITHM_OBJ des; 

180 } DESState; 
181 

182 SSLErr 

183 SSLDESInit (uint8 *key, uint8* iv, void **cipherRef, SSLContext *ctx) 

184 ( 

185 SSLBuffer desState; 

186 B_ALGORI THM_OB J *des; 

187 Static B_ALG0RITHM_METHOD *chooser[] = { SAM_DES_CBC_ENCRYPT, SAM_DES_CBC_DECRYPT, 0 } ; 

188 B_KEY_OBJ desKey; 

189 ITEM keyData; 

190 SSLErr err; 

191 int rsaErr; 

192 DESState *s; 
193 

194 if ((err = SSLAllocBuf fer (SdesState, sizeof (DESState) , Sctx->sysCtx) ) != 0) 

195 return err; 

196 s = (DESState *) desState. data; 
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if ((rsaErr = B_SetAlgorithmInf o ( s->des, AI_DES_CBC_IV8 , 

return SSLUnknownErr; 
if ((rsaErr = B_CreateKeyObject ( sdesKey) ) != 0) 

return SSLUnknownErr; 
keyData.data = key; 
keyData.len = 8; 

if ((rsaErr = B_SetKeyInfo (desKey, KI_DES8, key)) != 0) 
( B_DestroyKeyObject ( SdesKey) ; 
return SSLUnknownErr; 

} 

if (cipherRef == (void** ) & (ctx->writePending. symCipherStc 



= B_EncryptInit (*des, desKey, chooser, sctx->sysCtx . yield) ) 



' (void**) & (ctx->readPending. symCipherState) ) 

i_Decrypt!nit (*des, desKey, chooser, sctx->sysCtx . yield) ) != 0) 



232 ASSERTMSG( "Couldn't determine read/writeness" ) ; 

233 

234 B_DestroyKeyObject (SdesKey) ; 

235 *cipherRef = (void*)s; 

236 return SSLNoErr; 

237 ) 
238 

239 SSLErr 

240 SSLDESEncrypt(SSLBuffer src, SSLBuffer dest, SSLBuffer *iv, void *cipherRef, SSLContext *ctx) 

241 { 

242 DESState *s = (DESState *) cipherRef; 

243 void *subCipherRef = NULL; 

244 int rsaErr; 

245 unsigned int outputLen; 

246 SSLBuffer temp; 

247 SSLErr err; 
248 

249 if (cipherRef == NULL) 

250 return SSLUnknownErr; 
251 

252 if(iv != NULL) 

253 ( 

254 if ((rsaErr = B_SetAlgorithmInf o (s->des, AI_DES_CBC_IV8, 

255 (POINTER) iv->data) ) != 
SSLNoErr) 

256 return err; 

257 } 

258 else 

259 ( 

260 if ((rsaErr = B_SetAlgorithmInfo (s->des, AI_DES_CBC_IV8, s->iv) ) != SSLNoErr) 



267 if (src. data == dest. data) 

268 /* BSAFE won't let you encrypt in place */ 

269 { if (ERR(err = SSLAllocBuf fer (stemp, src. length, Sc1 

270 return err; 

271 memcpy( temp. data, src. data, (size_t) src. length); 
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273 else 

274 temp = src; 
275 

276 if ((rsaErr = B_EncryptUpdate (s->des, dest.data, soutputLen, 

277 (unsigned int) dest. length, temp. data, 

278 (unsigned int) temp. length, 

279 (B_ALGORITHM_0BJ) 0, &ctx->sysCtx . yield) ) != 0) 

280 { if (src. data == dest.data) 

281 SSLFreeBuffer(&temp, &ctx->sysCtx) ; 

282 return SSLUnknownErr; 



i the IV for next time... V 

296 unsigned char *buf; 

297 

298 if ((rsaErr = B_GetAlgorithmInfo ( (POINTER *) sbuf, s->des, 

299 AI_DES_CBC_IV8) ) 

300 != SSLNoErr ) 

301 return err; 
302 

303 memcpy (s->iv, buf, sizeof (s->iv) ) ; 

304 } 
305 

306 /* memcpy (s->iv, dest.data + dest. length - 8, 8); */ 
307 

308 return SSLNoErr; 

309 } 
310 

311 SSLErr 

312 SSLDESDecrypt (SSLBuf fer src, SSLBuffer dest, SSLBuffer *iv, void *cipherRef, SSLContext " 

313 { 

314 DESState *s = (DESState *) cipherRef; 

315 int rsaErr; 

316 unsigned int outputLen; 

317 SSLBuffer temp; 

318 SSLErr err; 
319 

320 if (cipherRef == NULL) 

321 return SSLUnknownErr; 



i->des, AI_DES_C 



338 /* memcpy (s->iv, src. data + src. length - 8, 8); */ 
339 

340 if (src. data == dest.data) 

341 /* BSAFE won't let you encrypt in place */ 

342 { if (ERR(err = SSLAllocBuf f er ( stemp, src. length, &ctx->sysCtx) 

343 return err; 
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memcpy ( temp .data, 



( (rsaErr = B_DecryptUpdate (s->des, dest.data, soutputLen, 
(unsigned int) dest. length, temp. data, 
(unsigned int) temp. length, 
( B_ALGORITHM_OB J) 0, Sctx->sysCtx . yield) ) != ( 
if (src. data == dest.data) 

SSLFreeBuf fer (stemp, &ctx->sysCtx) ; 
return SSLUnknownErr; 



ASSERT (outputLen == src. length); 

:->sysCtx) ; 



'e the IV for next time... */ 
unsigned char *buf; 

if ((rsaErr = B_GetAlgorithmInf o ( (POINTER *) sbuf, s->des, 

AI_DES_CBC_IV8) 

!= SSLNoErr ) 



memcpy (s->iv, buf, sizeof(s->: 



378 return SSLNoErr; 

379 } 
380 

381 SSLErr 

382 SSLDESFinishlvoid *cipherRef, SSLContext 

383 { 

384 DESState *s = (DESState *) cipherRef; 

385 SSLBuffer desState; 

386 SSLErr err; 
387 



B_DestroyAlgorithmOb j ect ( s ( s->des ) ) ; 

memset (cipherRef, 0, sizeof (DESState) ) ; 
desState. data = (unsigned char* ) cipherRef ; 
desState. length = sizeof (DESState) ; 

err = SSLFreeBuf fer (sdesState, sctx->sysCtx) ; 



401 SSLErr SSLDESExport ( void *cipherRef, SSLContext *ctx, SSLBuffer *blob) 

402 { 

403 DESState *s = (DESState *) cipherRef; 



408 if (blob->length < (8+8)) 

409 return SSLMemoryErr ; 
410 

411 memcpy (blob->data, s->key, 8); 

412 memcpy (blob->data + 8, s->iv, 8); 

413 /* memcpy (blob->data + 16, & (s->reading) , 

414 blob->length = 16; 
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419 SSLErr SSLDESImport (void **cipherRef, SSLContext *ctx, SSLBuffer *blob) 

420 { 

421 unsigned char *key, *iv; 
422 

423 if (blob == NULL) 

424 return SSLUnknownErr; 

425 if (blob->length < 16) 

426 return SSLUnknownErr; 



:(key, iv, cipherRef, < 



437 SSLErr SSL3DESDecrypt ( SSLBuffer src, SSLBuffer dest, SSLBuffer *iv, void *cipherRef, SSLContext 

438 SSLErr SSL3DESFinish ( void *cipherRef, SSLContext *ctx) ; 

439 SSLErr SSL3DESExport (void *cipherRef, SSLContext *ctx, SSLBuffer *blob) ; 

440 SSLErr SSL3DESImport ( void **cipherRef, SSLContext *ctx, SSLBuffer *blob) ; 
441 

442 SSLSymmetricCipher SSLCipher3DES_CBC = { 

443 24, /* Key size in bytes */ 

444 24, /* Secret key size = 192 bits */ 

445 8, /* IV size */ 

446 8, /* Block size */ 

447 SSL3DESInit, 

448 SSL3DESEncrypt, 

449 SSL3DESDecrypt, 

450 SSL3DESFinish, 

451 SSL3DESExport, 

452 SSL3DESImport 

453 }; 
454 

455 SSLErr 

456 SSL3DESInit (uint8 *key, uint8* iv, void **cipherRef, SSLContext *ctx) 

457 { 

458 SSLBuffer desState; 

459 DESState *s; 

460 Static B_ALGORITHM_METHOD *chooser[] = { &AM_DES_EDE3_CBC_ENCRYPT, 
461 

SAM_DES_EDE3_CBC_DECRYPT, 0 }; 

462 B_KEY_OBJ desKey; 

463 ITEM keyData; 

464 SSLErr err; 

465 int rsaErr; 
466 

467 if ( (err = SSLAllocBuf f er ( SdesState, sizeof (DESState) , &ctx->sysCtx) ) != 0) 

468 return err; 

469 s = (DESState *) desState. data; 

470 if ((rsaErr = B_CreateAlgorithmObject (& (s->des) ) ) != 0) 

471 return SSLUnknownErr; 

472 if ((rsaErr = B_SetAlgorithmInfo (s->des, AI_DES_EDE3_CBC_IV8, iv) ) != 0) 

473 return SSLUnknownErr; 

474 memcpy (s->iv, iv, 8); 
475 

476 if ((rsaErr = B_CreateKeyObject (sdesKey) ) != 0) 

477 return SSLUnknownErr; 

478 keyData. data = key; 

479 keyData. len = 24; 

480 if ((rsaErr = B_SetKeyInfo (desKey, KI_24Byte, key)) != 0) 

481 ( 

482 B_DestroyKeyObject( SdesKey) ; 



Copied from 09782595 on 04/04/2005 



File: sdk / sslplus / src / ciphers .c Page 8 of 1 1 

Revision 1.11.2.1, by marcvh 

483 return SSLUnknownErr; 

484 ) 

485 memcpy (s->key, key, 24); 
486 

487 if (cipherRef == (void**) & (ctx->writePending . symCipherState) ) 

488 { 

489 if ((rsaErr = B_EncryptInit (s->des, desKey, chooser, 

490 &ctx->sysCtx. yield) ) != 

491 { 

:(sdesKey) ; 

(cipherRef == (void** ) s (ctx->readPending. symCipherState) ) 
E ((rsaErr = B_DecryptInit (s->des, desKey, chooser, 

&ctx->sysCtx. yield) ) != 



506 ASSERTMSG( "Couldn't determine read/writeness" ) ; 

507 

508 B_DestroyKeyObject (SdesKey) ; 

509 *cipherRef = (void* ) desState . data; 

510 return SSLNoErr; 

511 ) 
512 

513 SSLErr 

514 SSL3DESEncrypt (SSLBuffer src, SSLBuffer dest, SSLBuffer *iv, void *cipherRef, SSLContext * 

515 { 

516 DESState *s =(DESState *) cipherRef; 

517 int rsaErr; 

518 unsigned int outputLen; 

519 SSLBuffer temp; 

520 SSLErr err; 
521 

522 ASSERT (src. length == dest . length) ; 

523 ASSERT (src. length % 8 == 0) ; 

524 if (cipherRef == NULL) 

525 return SSLUnknownErr; 
526 

527 if(iv != NULL) 

528 { 

529 if ( (rsaErr = B_SetAlgorithmInfo(s->des, AI_DES_EDE3_CBC_IV8 , 

530 (POINTER) iv->data) ) 
SSLNoErr) 

531 return err; 

532 } 

533 else 



540 if (src. data == dest. data) 

541 /* BSAFE won't let you encrypt in place */ 

542 { if (ERR(err = SSLAllocBuffer (stemp, src. length, sctx->sysC 

543 return err; 

544 memcpy (temp. data, src. data, (size_t) src. length); 

545 ) 

546 else 

547 temp = src; 
548 

549 if ((rsaErr = B_EncryptUpdate (s->des, dest. data, soutputLen, 

550 (unsigned int) dest. length, temp. data, 

551 (unsigned int) temp. length, 

552 (B_ALGORITHM_OBJ) 0, &ctx->sysCtx . yield) ) !=0 
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if (src. data == dest.data) 

SSLFreeBuffer (Stemp, Sctx->sysCtx) ; 
return SSLUnknownErr ; 



ASSERT (outputLen == £ 



566 if (iv == NULL) 

567 { 

568 unsigned char *buf; 
569 

570 if ( (rsaErr = B_GetAlgorithmInfo( (POINTER *) sbuf, s->des, 

571 AI_DES_EDE3_CBC_IV8) ) 

572 != SSLNoErr) 

573 return err; 

574 memcpy (s->iv, buf, sizeof (s->iv) ) ; 

575 } 
576 

577 /* memcpy (s->iv, dest.data + dest. length - 8, 8); V 
578 

579 return SSLNoErr; 



void *cipherRef, SSLContext 



DESState *s = (DESState *) cipherRef; 

unsigned int outputLen; 
SSLBuffer temp; 
SSLErr err; 

ASSERT (src. length == dest . length) ; 
ASSERT (src. length % 8 == 0); 
if (cipherRef == NULL) 

return SSLNoErr; 

if(iv != NULL) 
( 

if ((rsaErr = B_SetAlgorithmInf o (s- 
SSLNoErr ) 



if ((rsaErr = B_SetAlgorithmInfo (s->des, AI_DES_EDE3_CBC_IV8, s->iv) ) 



610 if (src. data == dest.data) 

611 /* BSAFE won't let you encrypt in place */ 

612 ( if (ERR(err = SSLAllocBuff er ( Stemp, src. length, si 

613 return err; 

614 memcpy (temp. data, src. data, (size_t) src . length) ; 



temp = src; 

if ((rsaErr = B_DecryptUpdate (s->des, dest.data, soutputLen, 
(unsigned int) dest. length, temp. data, 
(unsigned int) temp . length, 
(B_ALG0RITHM_OBJ) 0, Sctx->sysCtx . yield) ) !=C 



Copied from 09782595 on 04/04/2005 



File: sdk / sslplus / src / ciphers.c Page 10 of 11 

Revision 1.11.2.1, by marcvh 

623 < if (src. data == dest.data) 

624 SSLFreeBuffer (Stemp, &ctx->sysCtx) ; 

625 return SSLUnknownErr; 

626 } 
627 

628 if (iv == NULL) 

629 { 

630 unsigned char *buf; 
631 

632 if((rsaErr = B_GetAlgorithmInfo (( POINTER *) sbuf, s->des, 

633 AI_DES_EDE3_CBC_IV8) ) 
SSLNoErr ) 

634 return err; 

635 memcpy (s->iv, buf, sizeof (s->iv) ) ; 

636 } 
637 

638 ASSERT (outputLen == src. length) ; 

•>sysCtx) ; 



647 } 
648 

649 SSLErr 

650 SSL3DESFinish(void *cipherRef, SSLContext *ctx) 

651 { 

652 DESState *s = (DESState *) cipherRef; 

653 SSLBuffer desState; 

654 SSLErr err; 
655 

656 



B_DestroyAlgorithmObject (s (s->des) ) ; 

memset (cipherRef , 0, sizeof (DESState) ) ; 
desState .data = (unsigned char* (cipherRef ; 
desState. length = sizeof (DESState) ; 
err = SSLFreeBuffer (sdesState, &ctx->sysCtx) ; 



668 SSLErr SSL3DESExport (void *cipherRef, SSLContext *ctx, SSLBuffer *blob) 

669 { 

670 DESState *s = (DESState *) cipherRef; 



678 memcpy (blob->data, s->key, 24); 

679 memcpy (blob->data + 24, s->iv, 8); 

680 blob->length = 32; 
681 

682 return SSLNoErr; 

683 ) 
684 

685 SSLErr SSL3DESImport (void **cipherRef, SSLContext *ctx, SSLBuffer *blob) 

686 { 

687 unsigned char *key, *iv; 
688 

689 if (blob == NULL) 

690 return SSLUnknownErr ; 

691 if (blob->length < 32)' 

692 return SSLUnknownErr; 
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693 

694 key = blob->data; 

695 iv = blob->data + 24; 
696 

697 return SSL3DESInit (key, iv, cipherRef, ctx) ; 

698 } 
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0 /* Copyright Aventail Corporation 1997-2000; All Rights Reserved */ 

1 /* sslenv.c is the SSL environment file; it defines functions used by 

2 the SSL module as callbacks for managing mutexes, memory, I/O, 

3 and user interaction. */ 

5 #include "sslmain.h" 

6 Iinclude "sslldap.h" 

7 Iinclude "ldapcert.h" 

8 Iinclude <aglobal.h> 

9 Iinclude <bsafe.h> 
10 Iinclude <pkcs.h> 

<due to the size of this file and the small portion of it which is relevant here, we include only the single function SSLEncode> 



970 int FAR EXPORT SSLEncode ( S5Packet *ibuf, S5Packet *obuf , int flag, void *handle) 

971 { 



972 SSSSLHandle *ref = handle; 

973 S5SSLFlowConnection *conn = & (ref->conn) ; 

974 SSLContext *ctx = ref->ctx; 

975 uint32 ilen; 

976 uint32 len = ibuf ? ibuf->len : 0; 

977 int ssloppy = 0; 
978 



979 lifdef HYPER_DEBUG 

980 int i; 

981 lendif 



982 SSLErr err; 

983 uint32 wrtp = 0; 
984 

985 if (flag & S5_STATEDUMP) 

986 { 

987 SSLBuffer block; 

988 unsigned totalSize; 

989 PSSLStateDump dump = (PSSLStateDump) obuf->data; 
990 

991 if (obuf->len < 4096) 

992 { 

993 obuf->len = 4096; 

994 return ENCODE_BUFFER_TOO_SMALL; 

995 } 
996 

997 // get the SSL state 

998 // 

999 if ((err = SSLExportContext (ctx, sblock)) != SSLNoErr) 

1000 ( 

1001 if (GlobalUpdate) 

1002 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1003 IDS_SSL_EXPORTCONTEXTFAILED, err); 

1004 return -1; 

1005 ) 
1006 

1007 // compute the total size of the data 

1008 // 

1009 totalSize = block. length + sizeof (SSLStateDump) ; 
1010 

1011 // validate the output buffer size 

1012 // 

1013 if (obuf->len < totalSize) 

1014 { 

1015 obuf->len = totalSize; 

1016 SSLFreeBuf fer (sblock, 4ctx->sysCtx) ; 

1017 return ENC0DE_BUFFER_T0O_SMALL; 

1018 ) 
1019 

1020 // put the SSLStateDump structure at the beginning of the output buffer 

1021 // 

1022 dump->SSLContext = ctx; 

1023 dump->ContextSize = sizeof (SSLContext) ; 

1024 dump->SSLState.data = (uint8 *)(dump+l); 



Copied from 09782595 on 04/04/2005 



File: socks5 / common / modules / authentication / ssl / sslenv.c Page 2 of 7 

Revision 1.136.2.1, by marcvh 

1025 dump->SSLState. length = block. length; 

1026 

1027 // copy the SSL state to the output buffer 

1028 // 

1029 memcpy (dump->SSLState .data, block. data, block. length) ; 

1030 obuf->len = totalSize; 

1031 SSLFreeBuffer (Sblock, &ctx->sysCtx) ; 
1032 
1033 
1034 
1035 
1036 

1037 return 0; 

1038 } 
1039 

1040 if (ref->endtime > 0) 

1041 if (time ( (time_t *) NULL) >= ref->endtime) { 

1042 if (GlobalUpdate) 

1043 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1044 IDS_SSL_LIFETIMEEXCEEDED) ; 

1045 return -1; 

1046 } 
1047 
1048 

1049 i 

1050 if(wrtp) 
1051 
1052 
1053 

1054 #endif 
1055 

1056 if (flag & S5_DATAGRAM) 

1057 if (ref->ssloppy) 

1058 { 

1059 if((rt = SSLSetSloppyMode(ctx, 1)) 

1060 { 
1061 
1062 
1063 

1064 return -1; 

1065 ) 

1066 ssloppy = 1; 

1067 ) 

1068 else 

1069 { 

1070 /* UDP naked, baby! */ 

1071 jfifdef HYPER_DEBUG 

1072 if (GlobalUpdate) 

1073 GlobalUpdate ( s slLogHandle , S 5_LOG_MI SC , S 5_LOG_VERBOSE , 

1074 IDS_SSL_GOTDATAGRAM, flag, ibuf->len) 

1075 #endif 
1076 

1077 #ifdef OPTIMIZE_UDP_NAKED 

1078 /* this is much cleaner and faster, but causes inconsistency in the 

1079 API from the caller. Sigh. */ 

1080 *obuf = *ibuf; 

1081 #else 

1082 #ifdef WIN32 

1083 obuf->data = HeapAlloc (GetProcessHeap ( ) , 0, ibuf->len) ; 

1084 #else 

1085 obuf->data = malloc (ibuf->len) ; 

1086 #endif 

1087 if (obuf->data == NULL) { 

1088 tifdef HYPER_DEBUG 

1089 FPRINTF(stderr, _T ( "Returning error, buf data is null in 
obufdata\n") ) ; 

1090 #endif 

1091 return SSLMemoryErr; 

1092 ) 

1093 memcpy (obuf->data, ibuf->data, ibuf->len) ; 
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1094 obuf->len = ibuf->len; 

1095 #endif 

1096 return ibuf->len; 

1097 } 
1098 
1099 
1100 

1101 if (flag s S5_ENCODE) { 
1102 

1103 #ifdef HYPER_DEBUG 

1104 if (GlobalUpdate) 

1105 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1106 IDS_SSL_ENCODINGBYTES, ibuf->len) ; 

1107 tifndef AUTOSOCKS 

1108 for(i = 0; i < ibuf->len; i++) 

1109 FPRINTFfstderr, _T("%02x "), ibuf->data [i] ) ; 

1110 FPRINTF(stderr, _T("\n")); 

1111 iendif 

1112 #endif 
1113 

1114 #define SSL_MAX_ENCODE_SIZE 4096 
1115 

.116 \ 

.117 

1118 conn->modctx . log. update ( sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1119 IDS_SSL_MAXENCODESIZEEXCEEDED, 

1120 ibuf->len, SSL_MAX_ENCODE_SIZE) ; 

1121 ibuf->len = SSL_MAX_ENCODE_SIZE; 

1122 } 

1123 #endif 
1124 

1125 if (obuf->data != NULL) { 

1126 if(obuf->len < (int) (ibuf->len + SSL_HEADLEN + 64 + wrtp) ) { 

1127 conn->modctx . log . update (sslLogHandle, S5_LOG_MISC, S5_LOG_DEBUG, 

1128 IDS_SSL_BUFFERTOOSHORT, 

obuf->len, 

1129 (ibuf->len + SSL_HEADLEN 
+ 64 + wrtp) ) ; 

1130 obuf->len = (int) ibuf->len + SSL_HEADLEN + 64 + wrtp; 

1131 if(ssloppy) SSLSetSloppyMode(ctx, 0) ; 

1132 return ENCODE_BUFFER_TOO_SMALL; 

1133 } 

1134 conn->writebuffer .data = obuf->data; 

1135 conn->writebuffer.len = obuf->len; 

1136 conn->writebuffer.off = SSL_HEADLEN; 

1137 conn->writeflag = SSL_FLOW_WRITE_NOMAKEBUF; 

1138 } else 

1139 conn->writeflag = 0; 
1140 

1141 ilen = (uint32) ibuf->len; 

1142 if ((err = SSLWrite (ibuf->data, Silen, ctx) ) ) { 

1143 conn->modctx . log. update) sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1144 IDS_SSL_WRITEERROR, err ) ; 
1145 
1146 

1147 ) 
1148 

1149 if (conn->writebuffer.off > OxFFFF) { 

1150 conn->modctx . log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1151 IDS_SSL_PACKETTOOBIG, 

1152 conn->writebuffer.off ) ; 

1153 if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 

1154 return -1; 

1155 } 
1156 

1157 if (obuf->data != NULL) { 

1158 /* Here we shift the semantics of writebuf f er ; off now points 

1159 to the beginning of the data, and len points to the end of 

1160 the data, not the length of the buffer, which we no longer 

1161 need to know since we don't be depositing anything new in it */ 

1162 obuf->len = conn->writebuf fer .of f ; 
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1163 conn->writebuffer.len = conn->writebuf fer . of f ; 

1164 conn->writebuffer.off = SSL_HEADLEN; 

1165 } else { 

1166 if (conn->writebuffer.off == SSL_HEADLEN) 

1167 /* Wow! Some thoughtful soul in SSLFlowWrite has left us a 4 

1168 byte offset in the writebuffer so we can insert our header 

1169 without needing to malloc a new buffer and memcpy into it! */ 

1170 obuf->data = conn->writebuf fer . data; 

1171 else { 

1172 tifndef _WINDOWS 

1173 obuf->data = malloc (conn->writebuf fer . len + SSL_HEADLEN) ; 

1174 #else 

1175 #ifdef WIN32 

1176 obuf->data = HeapAlloc (GetProcessHeap ( ) , 0, 

1177 conn->writebuffer .len + 
SSL_HEADLEN) ; 

1178 #endif 

1179 #endif 

1180 if (obuf->data == NULL) { 

1181 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, 
1182 

S5_LOG_ERROR, IDS_SSL_MALLOCFAILED) ; 

1183 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1184 return -1; 

1185 ) 
1186 

1187 memcpy (obuf->data + SSL_HEADLEN, 

1188 conn->writebuf fer .data + conn->writebuffer .off , 

1189 conn->writebuf fer .len - conn->writebuf f er . of f ) ; 

1190 #ifdef WIN32 

1191 HeapFree (GetProcessHeap ( ) , 0, conn->writebuf fer . data) ; 

1192 #else 

1193 free (conn->writebuf fer. data) ; 

1194 #endif 

1195 } 
1196 

1197 obuf->len - (int) (conn->writebuf f er . len - 

1198 conn->writebuffer.off + SSL_HEADLEN) ; 

1199 } 
1200 

1201 obuf->data[0] = S SL_HEADVERS I ON ; 

1202 obuf->data[l] = conn->state; 

1203 obuf->data[2] = (uint8) ( (conn->writebuffer.len - conn->writebuf fer. off ) 

1204 » 8) ; 

1205 obuf->data[3] = (uint8) ( (conn->writebuffer.len - conn->writebuf fer. of f ) 

1206 & OxFF); 

1207 conn->writebuf fer. data = NULL; 

1208 conn->writebuffer.len = 0; 

1209 conn->writebuf fer .off = 0; 

1210 if (GlobalUpdate) 

1211 GlobalUpdate (sslLogHandle, S5_L0G_MISC, S5_LOG_VERBOSE, 

1212 I DS_S SL_ENCODERETURN ING , obuf->len, ilen); 

1213 #ifdef HYPER_DEBUG 

1214 #ifndef AUTOSOCKS 

1215 for(i = 0; i < obuf->len; i++) 

1216 FPRINTF(stderr, _T("%02x "), obuf->data [i] ) ; 

1217 FPRINTFtstderr, _T("\n")); 

1218 #endif 

1219 lendif 

1220 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1221 return (int) ilen; 

1222 ) 
1223 

1224 /* we must be decoding, instead of encoding.. */ 

1225 #ifdef HYPER_DEBUG 

1226 if (GlobalUpdate) 

1227 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1228 IDS_SSL_DECODINGBYTES, ibuf->len) ; 

1229 if (GlobalUpdate) 

1230 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1231 IDS_SSL_READBUFFERCOMINGIN, 
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1232 
1233 
1234 
1235 




i->readbuffer .off ) ; 



1236 FPRINTF(stderr, _T("\n")); 

1237 jfendif 

1238 ffendif 
1239 

1240 if(ibuf->len < SSL_HEADLEN) 

1241 < 

1242 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1243 I DS_SS L_DECODE I NCOMPLETE PACKET ) ; 

1244 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1245 return -1; 

1246 } 
1247 

1248 if (ibuf->data[0] != S S L_HEADVERS I ON ) { 

1249 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC,S5_LOG_ERROR, 

1250 IDS_SSL_HEADERVERSIONMISMATCH, 

1251 SSL_HEADVERSION, ibuf->data [ 0 ] ) ; 

1252 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1253 return -1; 

1254 } 

1255 if (ibuf->data[l] != conn->state) ( 

1256 conn->modctx. log. update! sslLogHandle, S5_LOG_MISC,S5_LOG_ERROR, 

1257 IDS_SSL_HEADERSTATEMISMATCH, 

1258 conn->state, ibuf->data[l] ) ; 

1259 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1260 return -1; 

1261 } 
1262 

1263 ilen = ( (uint8) ibuf->data [2 ] ) « 8; 

1264 ilen |= (uint8) ibuf->data [3] ; 

1265 ilen += SSL_HEADLEN; /* we must include the header in the length because 

1266 no man is an ilen. Er, because it's the 

1267 of the whole record, including the header. 
1268 

1269 #ifdef HYPER_DEBUG 

1270 if (GlobalUpdate) 

1271 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1272 IDS_SSL_PACKETSIZE, ilen); 

1273 #endif 
1274 

1275 if(ibuf->len < (int) (ilen)) ( 

127 6 conn->modctx . log . update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1277 IDS_SSL_DECODEINCOMPLETEPACKET) ; 

1278 if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 

1279 return -1; 

1280 } 
1281 

1282 #if 0 

1283 if(ibuf->len > (int) (ilen)) { 

1284 conn->modctx . log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1285 I DS_S SL_DEC0DEOVERFULL PACKET ) ; 

1286 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1287 return -1; 

1288 ) 

1289 tendif 
1290 

1291 SSLGetReadPendingSize(ctx, swrtp) ; /* this should be zero, but seems to 

1292 not always be, so we be safe.. */ 
1293 

1294 #if 0 

1295 /* we need to choose the size of the obuf here; since SSL adds some 

1296 boundary information the size of the input should be big enough. 

1297 If SSL+ starts to support compression this assumption will have 

1298 to change. */ 

1299 len = conn->readbuf f er . len - conn->readbuf f er . of f + wrtp + ilen; 

1300 #else 

1301 /* OK, so we decided to change it. Now we know the record can't 

1302 be larger than 16K. */ 
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1303 /* len = conn->readbuf f er . len - conn->readbuf f er . of f + wrtp + 16384; */ 

1304 /* Hmm. . the above seems to cause telnet to studder, while a fixed 32k 

1305 size fixes it, so 32k it shall be... */ 

1306 len = 32767; 

1307 iendif 

1308 if (obuf->data != NOLL) { 

1309 if(obuf->len < (int) len) { 

1310 if (GlobalUpdate) 

1311 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_DEBUG, 

1312 IDS_SSL_BUFFERTOOSMALL, obuf->len, len); 

1313 obuf->len = (int) len; 

1314 if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 

1315 return ENCODE_BUFFER_TOO_SMALL; 

1316 ) 

1317 ) else { 

1318 #ifndef _WINDOWS 

1319 obuf->data = (unsigned char *) malloc (len) ; 

1320 #else 

1321 #ifdef WIN32 

1322 obuf->data = HeapAlloc (GetProcessHeap ( ) , 0, len); 

1323 #endif 

1324 #endif 

1325 } 

1326 #if 0 

1327 /* must read all the data we can.. */ 

1328 len = ilen + conn->readbuf f er . len; 

1329 #endif 
1330 

1331 if (conn->readbuf fer .data == NULL) { 

1332 /* conn->readbuf fer. data = malloc ( (si ze_t) (len - SSL_HEADLEN) ) ; */ 

1333 /* Try to re-use the input buffer instead of needing to create 

1334 a new one and memcpy into it. readflag lets us know we did 

1335 this so we don't try to change or free the space later */ 

1336 conn->readbuf fer .data = ibuf->data; 

1337 conn->readbuffer.len = ilen; 

1338 conn->readbuffer.off = SSL_HEADLEN; 

1339 conn->readflag = SSL_FLOW_READ_NOOWNBUF; 

1340 ) else { 

1341 conn->readbuf fer .data = realloc (conn->readbuf fer .data, 

1342 (Size_t) (len - SSL_HEADLEN) ) ; 

1343 conn->readflag = 0; 

1344 if (conn->readbuffer .data == NULL) { 

1345 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1346 IDS_SSL_REALLOCFAILED) ; 

1347 if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 

1348 return -1; 

1349 } 

1350 memcpy (conn->readbuf fer. data + conn->readbuf fer . len, 

1351 ibuf->data + SSL_HEADLEN, (size_t) (ilen - SSL_HEADLEN) ) ; 

1352 conn->readbuffer.len += ilen - SSL_HEADLEN; 

1353 ) 
1354 

1355 if ((err = SSLRead ( (void *) obuf->data, Slen, ctx)) && 

1356 (err != SSLWouldBlockErr) ) { 

1357 conn->modctx. log. update (sslLogHandle, S5_L0G_MISC, S5_LOG_ERROR, 

1358 IDS_SSL_READERROR, err); 

1359 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1360 return -1; 

1361 ) 

1362 obuf->len = (int) len; 

1363 #ifdef HYPER_DEBUG 

1364 if (GlobalUpdate) 

1365 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1366 I DS_SSL_ENCODERETURNINGBYTES , 

1367 ilen, len); 

1368 if (GlobalUpdate) 

1369 GlobalUpdate (sslLogHandle, S5_LOG_MISC,S5_LOG_VERBOSE, 

1370 IDS_SSL_READBUFFERGOINGOUT, 

1371 conn->readbuffer.len - conn->readbuf fer . of f ) ; 

1372 #ifndef AUTOSOCKS 

1373 for(i = 0; i < len; i++) 
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1374 FPRINTF(stderr, _T("%02x "), obuf->data [i] ) ; 

1375 FPRINTF(stderr, _T("\n n )); 

1376 #endif 

1377 #endif 

1378 if (conn->readflag & SSL_FLOW_READ_NOOWNBUF) 

1379 if (conn->readbuffer.off < conn->readbuf fer . len) { 

1380 BYTE *t; 
1381 

1382 if (GlobalUpdate) 

1383 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_WARNING, 

1384 IDS_SSL_ENCODELEAVINGDATA, 

1385 conn->readbuffer.len - conn->readbuffer .off ) 

1386 t = malloc(conn->readbuffer.len - conn->readbuf f er . of f ) ; 

1387 memcpy(t, conn->readbuf fer. data + conn->readbuf f er . of f , 

1388 conn->readbuffer.len - conn->readbuf fer .off ) ; 

1389 conn->readbuf fer .data = t; 

1390 conn->readbuffer .len = conn->readbuf fer . len - conn->readbuf f er . of f ; 

1391 conn->readbuffer.off = 0; 

1392 } else { 

1393 conn->readbuf fer. data = NULL; 

1394 conn->readbuffer.off = 0; 

1395 conn->readbuffer.len = 0; 

1396 } 

1397 if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 

1398 return (int) ilen; 

1399 ) 
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